RE: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar

From: Zach Forsyth (Zach.Forsyth_at_kiandra.com)
Date: 06/09/04

Next message: 404: "Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"

Previous message: Benjamin Meade: "Re: [Full-Disclosure] Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)"
Maybe in reply to: mark: "[Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"
Next in thread: mark: "Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <mark@edwards.org>, <full-disclosure@lists.netsys.com>
Date: Wed, 9 Jun 2004 17:28:33 +1000

Try cwshredder.
http://www.spywareinfo.com/~merijn/index.html

Cheers

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of mark
Sent: Wednesday, 9 June 2004 3:51 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal
toolbar

Anybody know about some trojan(s) that spawn a "tvm.exe" process, a
"poll each.exe" process, inserts a "blehdefyreal" toolbar into IE, and
hijacks the IE homepage to point to allaboutsearching.com? This thing
also opens pop-ups pointing to this page:

http://69.20.62.53/yyy3.html

If the registry entries related to these processes are deleted then they
keep being recreated.

What is it? And how does one remove it?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: 404: "Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"

Previous message: Benjamin Meade: "Re: [Full-Disclosure] Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)"
Maybe in reply to: mark: "[Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"
Next in thread: mark: "Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [Full-disclosure] Hushmail from full-disclosure-request@lists.grok.org.uk
... click the "Preferences" link in the toolbar once you have logged ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-Disclosure] Administrivia: Poll
... Subject: [Full-Disclosure] Administrivia: Poll ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
(Full-Disclosure)
Accessing the web all the time any time with xp, charter,
... I am connected to Charter through a surfboard modem. ... That site was save on my address toolbar. ... cannot find server message. ...
(microsoft.public.windowsxp.network_web)
[Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
... Anybody know about some trojanthat spawn a "tvm.exe" process, ... "poll each.exe" process, inserts a "blehdefyreal" toolbar into IE, and ... hijacks the IE homepage to point to allaboutsearching.com? ...
(Full-Disclosure)